Scam of the Day
Scam of the day – September 7, 2021 – Recruiting Firm Data Breach
As I have reminded you many times, we are only as safe and secure as the security of the companies and websites that have our personal information. So even if you are extremely diligent in protecting your personal information, you can be in danger of identity theft and scams if your personal information falls into the hands of hackers. Administrative staffing agency Career Group, Inc. suffered a data breach between June 28th and July 7th, which was discovered by the company in early July. While the data breach occurred in late June and early July, the company is only now notifying its affected customers. Included in the compromised data were names and Social Security numbers. Social Security numbers in particular are treasured by identity thieves as information they can leverage to either access your accounts or to open bogus new accounts in your name.
TIPS
One important lesson is to limit the amount of personal information that you provide to companies and websites whenever possible.
https://www.transunion.com/credit-freeze/place-credit-freeze
https://www.experian.com/freeze/center.html
For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.” Scamicide has been cited by the New York Times as one of three top sources for information about Coronavirus related scams.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – September 6, 2021 – Inheritance Scam
We are all familiar with the Nigerian email scam, a common version of which begins with an email informing you that someone has died in Nigeria and has left you a large sum of money in his or her Will. You are initially told that you do not have to pay anything to get your funds, but as time goes, on you are asked for payment after payment under a variety of guises. Of course, the whole thing is a scam. Most people recognize that they don’t know anyone in Nigeria and ignore the email. However, there is now circulating a version of this scam that is a bit more convincing. It starts when you receive an email or snail mail letter that appears to come from a legitimate law firm that is handling an estate here in the United States. The email or letter informs you that indeed you are a beneficiary of the estate and it names someone who has the same last name as you as the person leaving you a bequest in his or her Will. Even though you don’t recognize the name of the deceased, it may appear to be legitimate. You are asked t pay a small “administrative fee” of generally between $20 and $50 to receive your inheritance. Then you are asked to send them information about your bank account so that the law firm can wire the money to your account. The problem is that anyone responding to this email or letter ends up not only losing the funds sent as the “administrative fee,” but also may provide sufficient information about their bank account to enable the identity thief to access their account and steal all of the money in it.
TIPS
This version of the Nigerian email scam is a bit more sophisticated than the usual version that still circulates on the Internet. The story is not so outrageously ridiculous as is often found in the more common versions of this scam. However, the common thread of something for nothing still appears in the scam and should make you immediately skeptical. In this case, you should confirm that the law firm contacting you is a legitimate law firm which is easy to do. Then you should contact the real law firm (if there is one) to determine whether or not they contacted you or someone posing as a real law firm did so. The request for an administrative fee is another indication that this is a scam because legitimate law firms do not charge administrative fees to beneficiaries of estates. You also could research the name of the deceased person at the Probate Court where the estate is supposedly being administered.
For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.” Scamicide was recently cited by the New York Times as one of three top sources for information about Coronavirus related scams.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and insert your email address where it states “Sign up for this blog.”
Scam of the day – September 5, 2021 -Cryptocurrency Phishing Scam
Cryptocurrency exchanges are digital platforms where you can buy, sell, exchange or store your various cryptocurrencies. There are many legitimate cryptocurrencies. Luno is a secure cryptocurrency exchange founded in in 2013 with millions of clients in many countries. Recently many Luno clients suffered data breaches and had their accounts stolen, however, the fault was not in Luno, but rather the individual clients who fell victim to a common socially engineered phishing scam. The targeted victims each received an email that appeared to come from Luno indicated that an incoming payment to their account was being placed on hold due to an error in their profile data. The email contained a link which the victim was instructed to click on to go to what appeared to be the legitimate Luno login page. This phony login page is copied below and looks quite legitimate, however, the URL of the linked page, upon closer examination is not a URL of Luno. Victims falling for the scam typed in their email address, password and mobile number, but were then taken to a page indicating a 403 error. Unfortunately, at this point the victims had turned over their account information and password to the scammers who promptly emptied their accounts.
TIPS
They key to avoiding devastating phishing scams like this that attempt to steal the access credentials to your financial accounts is to use dual factor authentication whenever possible. Luno does provide for dual factor authentication for all accounts so even if someone was duped by the socially engineered phishing email and provided their personal information including their password, their account would not have been in jeopardy if they had dual factor authentication because the scammer would not have been able to access the account merely using the stolen password. Always use dual factor authentication whenever it is offered and particularly with financial accounts.
You also should be wary of any email or text message that asks you to provide personal information such as your username and password for any account. Trust me, you can’t trust anyone. Whenever you get such an email or text message, you should carefully confirm the email address of the sender and the URLs of any links. You should also avoid clicking on any links unless you have confirmed that they are legitimate because merely clicking on an infected link can download harmful malware, such as ransomware or keystroke logging malware that can lead to your becoming a victim of identity theft.
For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.” Scamicide was recently cited by the New York Times as one of three top sources for information about Coronavirus related scams.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and insert your email address where it states “Sign up for this blog.”
Scam of the day – September 4, 2021 – History Repeats Itself With Conviction of Hacker of Nude Photos
It was seven years ago that I reported to you about stolen nude photos and videos of more than a hundred celebrities including Jennifer Lawrence, Kate Upton, Jenny McCarthy, Rhianna, Avril Lavigne, Hayden Pannettiere, Hope Solo, Kayley Cuoco, Kim Kardashian, Scarlet Johannsson and others that were posted on the Internet by the hackers. The photos were taken from Apple’s iCloud. The problem then and now was not with Apple iCloud security, but rather with the people posting their photos there. Anyone who is able to get someone’s email address and password would find it easy to gain access to that person’s iCloud account and download the photographs and videos. Obtaining an email address is a relatively easy task for any hacker and then through social engineering, the hackers posed as Apple security employees and merely asked for the passwords used by the celebrities who provided them to the hackers.
It is said that those who forget history are doomed to repeat it and that is exactly what recently happened. Hao Kou Chi, a Californian sold his services as a hacker for hire to anyone who wanted nude photos stored in iCloud accounts of particular people. Similar to what happened in 2014, Chi emailed his victims posing as iCloud security from the email addresses “applebackupicloud” and “backupagenticloud” which appeared legitimate. He then tricked his victims to providing him with their iCloud account usernames and passwords which enabled him to gain access to their photos stored in the cloud. All in all, Chi stole 620,000 photos and 9,000 videos. Chi has been arrested and has pleaded guilty.
TIPS
So how do you protect the security of your account in the cloud?
For starters, you should use a unique password for all of your accounts so if any of your accounts are hacked, all of your other accounts are not in jeopardy. Make sure the password is a complex password that is not able to be guessed through a brute force attack. Check out my book “Identity Theft Alert” for advice as to how to pick a secure and easy to remember password. Also, even if you are not a celebrity, you would be surprised how much information is online about you that can be used to come up with the answer to your security questions. It is for this reason that I advise you to use a nonsensical answer to your security question, such as the answer “Grapefruit” for the question of what is your mother’s maiden name. Also and most importantly, take advantage of the two-factor identification protocols offered by Apple and many others. With two-factor identification, your password is only the starting point for accessing your account. After you have inputted your password, the site you are attempting to access will send a special one-time code to your smartphone for you to use to be able to access your account. Had Chi’s victims used the two-factor identification protocol, they would still have their privacy. It is also important to note that merely because you think you have deleted a photograph or video from your smartphone, that may not be the truth. Smartphones save deleted photographs and videos on their cloud servers such as the Google+service for Android phones and the iCloud for iPhones. However, you can change the settings on your smartphone to prevent your photos from automatically being preserved in the cloud.
For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.” Scamicide has been cited by the New York Times as one of three top sources for information about Coronavirus related scams.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – September 3, 2021 – How to Safely Use Public Wi-Fi
Whether we are at the airport, a hotel, a shopping mall, a coffee shop or almost anywhere else, you will usually find free public Wi-Fi service offered so that we can use our cell phones, laptops or tablets to connect to the Internet. However with this convenience can come danger. Too many people assume that the Wi-Fi that they are using is secure and this is not always the case. In fact, often an identity thief will go to the same coffee shop or other venue and set up his or her own Wi-Fi which is what you may unwittingly be tapping into when you think you are connecting to the Wi-Fi of the particular coffee shop or other place you find yourself at. Technologically, it is easy to set up a phony Wi-Fi that can steal data from your cell phone, laptop or tablet and use that information to make you a victim of identity theft. And even if you are not using the phony Wi-Fi of an identity thief, you may be using an insecure Wi-Fi that is susceptible to being hacked by a savvy identity thief who can steal your information in that way, as well.
So what can you do to make using public Wi-Fi safe?
TIPS
It is always a good idea to make sure that your cell phone, tablet or laptop has a good firewall and is protected by anti-virus and anti-malware security software that is updated with the latest security updates. It is a good idea not to use public Wi-Fi for banking or other financial transactions or, for that matter, anything that requires you to provide login credentials. Sensitive data should not be sent over public Wi-Fi. If you are going to use public Wi-Fi, the first thing you should do is check the hotspot name. Identity thieves often set up their phony Wi-Fi with names that appear quite similar to the legitimate Wi-Fi. For example, the public Wi-Fi offered at your coffee shop may be named GoodCoffee while the phony one may be something that with a cursory look appears legitimate, such as Go0dCoffee. Always make sure when using public Wi-Fi that you are on the legitimate Wi-Fi site before proceeding to use it. Many cell phones and other devices automatically connect to nearby networks, which can connect you to the identity thief’s phony Wi-Fi before you realize it. Therefore disable automatic connection to networks. Finally, the best thing you can do to protect your privacy and security when using public Wi-fi is to use a Virtual Private Network app which will encrypt all of your data before sending it through the Wi-Fi connection. Here is a link to an article I wrote about VPNs that will tell you all you need to know (and possibly more) about VPNs. https://au.norton.com/internetsecurity-wifi-how-does-a-vpn-work.html
For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.” Scamicide has been cited by the New York Times as one of three top sources for information about Coronavirus related scams.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – September 2, 2021 – Hurricane Ida Charity Scams
As we have seen far too well during the Coronavirus pandemic, scammers are quite capable of taking whatever is happening in society and turning it into an opportunity to scam people. Natural disasters such as hurricanes and wildfires are common occurrences and we are about to enter both hurricane and wildfire seasons. Partially due to global warming, last year the United States experienced 22 major natural disasters that cost more than a billion dollars each. Natural disasters, such as hurricanes, wildfires, tornadoes and earthquakes bring out the best in people who want to donate to charities to help the victims. Unfortunately natural disasters also bring out the worst in scammers who are quick to take advantage of the generosity of people by contacting them posing as charities, but instead of collecting funds to help the victims of these natural disasters, these scam artists steal the money for themselves under false pretenses.
Hurricane Ida is the most recent natural disaster affecting millions of people in the Southern United States and while the levees constructed following Hurricane Katrina, which coincidentally hit New Orleans on the same day of sixteen years ago, held, levees protecting smaller communities outside of New Orleans did not fare so well and even in New Orleans the damage has been devastating. The damage throughout the South has been tremendous leaving people in dire need of assistance and scammers are busy posing as charities to steal your money from the needy.
Charities are not subject to the federal Do Not Call List so even if you are signed up for the federal Do Not Call List, legitimate charities are able to contact you by phone. The problem is that whenever you are get a phone call, you can never be sure as to who is really calling you so you may be contacted either by a fake charity or a scammer posing as a legitimate charity. Using a technique called spoofing, the scammers can manipulate your Caller ID to make it appear that the call is coming from a legitimate charity when it is not. Similarly, when you are solicited for a charitable contribution by email or text message you cannot be sure as to whether the person contacting you is legitimate or not.
TIPS
Never provide credit card information over the phone to anyone whom you have not called or in response to an email or text message. Before you give to any charity, you may wish to check out the charity with http://www.charitynavigator.org where you can learn whether or not the charity itself is a scam. You can also see how much of the money that the legitimate charity collects actually goes toward its charitable purposes and how much it uses for fund raising and administrative costs. Charitynavigator.org has a list of specific highly-rated charities that they recommend if you wish to assist people harmed by the storm. These charities include Good 360 and Direct Relief. For a full list and descriptions of these charities use this link. https://www.charitynavigator.org/index.cfm?bay=content.view&cpid=9005&search-box
For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.” Scamicide was recently cited by the New York Times as one of three top sources for information about Coronavirus related scams.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email where it states “Sign up for this blog.”
Scam of the day – September 1, 2021 – Grand Jury Indicts 8 Alleged Grandparent Scam Criminals
I am sure most of you are familiar with the grandparent scam where a grandparent receives a telephone call from someone purporting to be their grandchild who has gotten into some trouble, most commonly a traffic accident, legal trouble or medical problems in a far away place. The caller pleads for the grandparent to send money immediately to help resolve the problem. However the caller also begs the grandparent not to tell mom and dad. One would think that no one would be gullible enough to fall for this scam, but don’t be so hard on the victims of this scam. Scam artists have a knowledge of psychology of which Freud would have been envious and are able to use that knowledge to persuade their victims to send money right away. While this scam has been going on for approximately thirteen years, it continues to victimize people. Recently, a federal grand jury in San Diego indicted eight defendants for their roles in a national criminal network of criminals who are accused of swindling more than two million dollars from more than seventy elderly people across the country. As is most often the case, the crimes were initiated through a phone call in which the accused criminals impersonated the grandchildren of their intended victims although in some instances, the alleged criminals impersonated lawyers calling purportedly on behalf of the grandchildren. In all of the cases, the alleged criminals convinced the victims that their grandchildren were in imminent need of money for bail, medical expenses for car accident victims or to prevent criminal charges from being filed. In some instances, the alleged criminals persuaded their victims to wire money to the alleged scammers while in other instances they told the victims to mail the money and in some instances, the alleged criminals even came to the homes of their victims to collect the money.
TIPS
Sometimes the scammers do not know the name of their victim’s grandchildren, but often they do. In the San Diego case, the alleged criminals used the nicknames of the grandchildren when speaking to their intended victims. Sometimes they get this information from social media while in other instances they get this information from reading obituaries which may contain the names of grandchildren so merely because the correct name is used in the call is no reason to believe the call. Don’t respond immediately to such a call without calling the real grandchild on his or her cell phone or call the parents and confirm the whereabouts of the grandchild. If a medical problem is the ruse used, you can call the real hospital. If legal problems are the hook you can call the real police. You can also test the caller with a question that could be answered only by the real grandchild, but make sure that it really is a question that only the real grandchild could answer and not just anyone who might read the real grandchild’ s Facebook page or other social media.
Never wire money unless you are absolutely sure about to whom you are wiring the money and it is not a scam. Once you have wired money, it is gone forever. Also, students traveling abroad should register with the State Department’s Smart Traveler Enrollment Program at https://travelregistration.state.gov/ibrs/ui/. This program can help with communications in an emergency situation.
For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.” Scamicide was recently cited by the New York Times as one of three top sources for information about Coronavirus related scams.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and insert your email address where it states “Sign up for this blog.”
Scam of the day – August 31, 2021 – Microsoft Outlook Phishing Scam
Today’s Scam of the day came from a long time friend and Scamicide reader who was savvy enough not to fall for this very clever scam. It starts when you receive an email that appears to have been sent by Microsoft Outlook informing you that you have received a voice mail message with a link to click on to access the voice mail message. If you do click on the link you will be directed to a phony, but legitimate appearing Outlook login page where you are prompted to provide your email address and password which is the information that the scammers are seeking. Having your Microsoft password and email address can lead to your becoming a victim of identity theft.
Here is a copy of the initial email message:
Here is a copy of the page to which you are directed if you click on the link to “Listen to your Voice Mail.”
TIPS
While this is a very persuasive phishing email that both looks legitimate and appeals to your curiosity, there are a few telltale signs that this is a scam. First and foremost, the email address from which the initial email is sent has no relation to Microsoft or Outlook. It may be the email address of an unfortunate person whose email account was hacked and made a part of a botnet used to send out such phishing emails while covering the tracks of the scammer. Second, nowhere in the email does your name appear. Third, the URL of the login page again has no relation to either Microsoft or Outlook. It is important to remember that unlike the pre-Internet days when counterfeiting took skill, it is very simple to make a very convincing counterfeit email that looks like it is coming from a legitimate company.
As I often advise you, never click on a link in an email unless you have absolutely confirmed that it is legitimate.
For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.” Scamicide has been cited by the New York Times as one of three top sources for information about Coronavirus related scams.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – August 30, 2021- Phony Covid-19 Grant Smishing Scam
Many of you may be unfamiliar with the term “smishing” which is described in detail in my book “Identity Theft Alert ,” however, you are probably familiar with the term “phishing” which describes the scam by which identity thieves will trick you in an email that appears to come from a person, company or governmental agency to go by way of clicking on a link to a phony website that appears to be that of a legitimate company or governmental agency. There you are either tricked into providing personal information that becomes used to make you a victim of identity theft or by merely clicking on the misleading link, you unwittingly download a keystroke logging malware program that reads and steals all of the personal information from your computer and proceeds to make you a victim of identity theft. Smishing is the latest development in this scam. Rather than coming to you by way of an email, a smishing attack delivers the scam to you through a text message, which is technically a “short message service” (SMS) hence smishing. Often the phony text message appears to be from your bank, telling you for whatever reason, you need to provide personal information. You may be told that you need to provide the information due to a security breach at the bank or for any other reason that may appear legitimate. However, it never is. Instead you will either be pumped for personal information or unknowingly download the keystroke logging malware.
However, recently Scamicide readers have been reporting an uptick of smishing text messages such as copied below which purport to tell you of your eligibility for government offered Coronavirus related payments and grants. These scams are particularly risky because we are all familiar with the actual stimulus payments twice sent to eligible Americans. However, those stimulus programs are done and the programs referred to in the text messages copied below are phony and do not exist.
A good rule to remember to protect yourself from these smishing scams is that no federal agency will initiate communication with you about anything through a text message and the legitimate stimulus programs did not use either email or text messages to alert people to the programs.
Here are copies of a couple of the text messages presently being circulated. I have removed the actual phone number from the first text message and the link from the second.
TIPS
Never respond directly to these text messages. Don’t text “stop” or “no” as sometimes suggested. Doing so only alerts the identity thieves that they have a real and active cellphone number. Instead forward the text to 7726, which spells SPAM on your keyboard.
You can never be sure when you receive a text message asking for information if the sender is who he or she says he or she is and even if the message originates from a legitimate cellphone, you can’t be sure that the legitimate cellphone was not hacked into and the message you receive is from an identity thief. If you ever have the slightest thought that the text message may be a legitimate message from your bank or any other entity with which you do business, you should contact the bank or other entity directly at a number that you know is correct to inquire about the text message. In this case, there is no need to confirm that these phony smishing text messages are indeed scams because, as I indicated above, they refer to non-existent federal programs.
For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.” Scamicide has been cited by the New York Times as one of three top sources for information about Coronavirus related scams.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/
Scam of the day – August 29, 2021 – Phony Restaurant Delivery Scam
Ordering food online for delivery was somewhat popular prior to the pandemic, but has become much more widely used as people want restaurant food without having to go to a restaurant. Many restaurants have taken advantage of this interest and set up websites to facilitate ordering food deliveries and companies such as DoorDash and GrubHub also take online orders for food deliveries from multiple restaurants. As could be expected scammers also are getting into the food delivery business although it would be more accurate to say that they got in the business of taking your online orders for food delivery, but deliver nothing except charges on your credit card.
Scammers create websites for phony delivery services using names such as “Order Hero” and “Order Ventures” or they mimic websites of legitimate restaurants or delivery services and through manipulating algorithms used by search engines to rank websites may appear at the top of a Google Chrome or other search engine search. Trust me, you can’t trust anyone.
TIPS
When you order online food from either a restaurant or a delivery service it is important to confirm that you are actually ordering from a legitimate restaurant or delivery service. Take the time to confirm the URL before placing your order and don’t trust a search engine search to be reliable merely because a website appears high on your search. An easy way to confirm that you have the correct URL is to call the restaurant or delivery service to make sure that you are using the correct URL.
As I often remind you, don’t use your debit card for anything other than an ATM card. Only use your credit card for your financial transactions because the protection you have from liability for fraudulent charges is much greater when using your credit card than it is when using your debit card.